How do I log failed attempts to log in to my Amazon RDS instance running MySQL?
Last updated: 2019-12-12
I want to track failed or aborted connections to my DB instance for security purposes. How do I track failed attempts to connect to an Amazon Relational Database Service (Amazon RDS) instance running MySQL?
Failed or aborted connections to DB instances running MySQL are logged in error.log. By default, the log_warnings DB parameter in the custom DB parameter group associated with the DB instance is enabled to track failed attempts to connect to a DB instance that is running MySQL. If the value is greater than one, the server logs the aborted connections and the access-denied errors when new connections are attempted.
If a user attempts to log in to your DB instance with the wrong credentials, the failed attempts are captured to error.log in a form similar to the following:
2016-08-23 15:03:37 1183 [Warning] Access denied for user 'tester'@'18.104.22.168' (using password: NO)
Note: For DB instances running MySQL 5.7.2 and later, use log_error_verbosity instead of log_warnings. For more information, see the MySQL documentation for log_error_verbosity.
It's a best practice to enable general_log for short-term troubleshooting, and to disable it again after you finish troubleshooting. When enabled, general_log records every executed query, resulting in significant overhead on production DB instances with heavy workloads.